Computer malware (such as Trojan horses, viruses and worms) is being developed at the ever-increasing pace and is using many methods for circumventing antivirus applications. One such method is to conceal certain resources of the computer system (such as files or registry branches) from the antivirus application, which is performing the antivirus check. By the classification of the antivirus companies, the malicious programs which make use of such a method are known as rootkits, or they make use of rootkit technology. Rootkit technologies turn out to be even more dangerous if it is possible to make use of vulnerabilities in components of the operating system (OS) which work at the kernel level. This does not allow present-day antivirus applications to detect malicious programs which use such technologies.
One approach to solving such a situation is to use a hypervisor, which affords isolation of different OSs from each other, a dividing of the resources between different running OSs, and a management of resources. At the same time, the execution of code in hypervisor mode occurs on an even lower level than the execution of code at the kernel level. Not surprisingly, the companies which make antivirus applications are interested in such an approach. However, current solutions are ineffective and in some cases impossible to employ.